Does the HA server stay in the IoT vlan and I only connect via VPN to reach it.
Or do I punch a hole in the firewall to reach it from my main vlan?
Or do I set the server to be in two vlans?
Do I put the HA server in the main vlan and let it only talk to the devices in the iot vlan?
Forget all above…
You see I’m lost on the concept. If I have a concept I hope to be able to follow the individual tutorials to set it up.
If possible I would prefer a configuration without cloud access. A remote access to the network should be possible via a VPN setup in the UDM Pro? Or a seperate DNS server on the iot vlan?
For any heads up I’d be more than grateful and we could all together impress my wife with more than one shelly controled via smartphone
Hello Villanelle,
Welcome to the HA Forums.
Maybe I can offer some advice.
Segmented networks are not officially supported within HA.
HA is designed and expects a flat subnet to work as intended.
This is because every segmented network is different for IP’s and number of segments and firewalls and sharing rules and about 650495849085 other things.
This does not mean you can’t use them or that they can’t be made to work, it means that to get them working you are the support structure on your own subnet(s) and if you are asking for support in the future, you should disclose to the volunteer helping you that this is in use as it often changes the correct answers.
Please keep this in mind when you are trying to do this kind of thing.
I would recommend going for the container installation instead of HAOS. I’m using the Linuxserver image because it recommends running as non-root (I heard you can also set up the official image this way but the official guide recommends priviliged mode, which is a big no-no). https://hub.docker.com/r/linuxserver/homeassistant
As for the networking problem, prefer using stuff that can’t connect to LAN/internet, like Zigbee devices. Obviously there might be some stuff that’s only available with WiFi, I don’t know what’s the best way for managing those.
Hi, @Villanelle, sure thing. Do you have a more concrete question?
That thread is huge, but contains many different perspectives and solutions to inspire you. I suggest a good read
Multiple networks/VLANs configuration is already supported natively if you are presenting multiple interfaces (virtual ones count too) to HA. From what you’ve written before, it does not look like you are virtualizing HA (proxmox or something similar), so you will have to create your extra vlanned interfaces in the HA terminal, like this:
Install the SSH & Web Terminal add-on, configure it according to instructions.
Enter the terminal and run:
ha network -h
to have a list of commands and examples shown to you.
Create your virtual vlanned interfaces, one per each network you want to separate, and have HA talk to it and its members.
ha network vlan REAL_INTERFACE_NAME VLAN_ID --ipv4-method auto --ipv6-method disabled
Use only once the --ipv4-gateway IP_GATEWAY variable in the interface that you want HA to go to the internet (usually main LAN interface). Many/per interface defined gateways WILL bring you routing problems.
Go to Settings / System / Network in HA and check if the interfaces/networks added are properly configured and setup. Choose the main adapter in this same page.
Your questions:
Yes, it needs to stay in every VLAN you have devices. A normal “problematic” situation arises if you want to control media (Chromecasts, etc.) and you need to have it both in your LAN and IOT VLAN,
Discovery will not work with a lot of extra config (mDNS comes to mind)
Thanks a lot for your reply. I appreciate it.
Yes i installed ha os directly on the thin client. I did not use proxmox.
The 206 pages of the setup thread are a bit intimidating even more so I sometimes can’t figure out if all the answers apply to one concept of setting it up.
I’m still not clear if i leave my main vlan and the iot vlan with ha server completely separate and only access ha via app/ cloud/vpn. Or if i try to connect the vlans via firewall/…
No worries my german is really rusty, but I can tell you that the first question is just as simple as “Are you going to connect any equipment to HA in your main VLAN?” If so you’ll definitely have an easier time configuring stuff by just having two interfaces, one per VLAN. If not, just install it in your IOT VLAN and use firewall rules to controll traffic in and out of the IOT VLAN.
That’s what people in need are looking for I too struggled with stuff (and still struggle to be fair) and I always got/get help from generous people. You just have to give back however you can, right? and thanks for the props! Keep digging!
)Shelly on an IOT network. I blocked all traffic from and to this vlan.
